Privacy Policy
Last updated: April 2026
Version: 2026-05-robots-policy
1. About This Policy
Chat4U is an AI chat platform that helps website owners deploy intelligent chat agents powered by their own content. This Privacy Policy explains how Chat4U ("Chat4U", "we", "us", or "our") collects, uses, discloses, stores, and protects personal data when you visit our website, create or use a Chat4U account, use our dashboard, contact us, interact with hosted demos, embed or interact with the Chat4U widget, configure agents, upload or scrape content, or use Pro Agent features.
This Policy distinguishes between data we process as controller and data we process as processor for our customers. In many cases, our customer is the controller of visitor chat data, scraped content, uploaded content, and project knowledge-base data, and Chat4U processes that data on the customer's behalf under our Data Processing Addendum ("DPA"). If you are a visitor using a Chat4U widget on a customer's website, you should also read that website owner's privacy policy.
This Policy is not a substitute for a customer's own privacy notice. Customers are responsible for providing legally required notices and obtaining legally required consents for their websites, visitors, agents, data sources, and use cases.
2. Our Roles
Chat4U is generally controller for:
- account registration, authentication, profile, workspace, and organization data;
- billing-plan, usage, credits, add-on, and subscription administration data;
- marketing website visits, contact forms, sales inquiries, and support communications;
- platform security, fraud prevention, abuse prevention, and operational logs;
- legal acceptance records, scrape audit logs, privacy request logs, and compliance evidence;
- product analytics and aggregated service usage data.
Chat4U is generally processor for:
- visitor messages sent through Customer chat widgets;
- Customer project, agent, prompt, and datasource configuration where it contains personal data;
- scraped pages, uploaded files, raw text, extracted content, citations, structured data, chunks, embeddings, and RAG retrieval context;
- Pro Agent browser snapshots, element reads, tool parameters, tool results, and approvals;
- demo conversations created for a Customer's demo experience.
If Customer acts as processor for another controller, Chat4U may act as sub-processor.
3. Personal Data We Collect
3.1 Account and Authentication Data
When you create or use a Chat4U account, we may process your name, email address, user identifier, authentication metadata, organization membership, roles, permissions, account status, invited-user details, and related profile information. Authentication and organization management may be provided through third-party identity services.
3.2 Workspace, Project, and Configuration Data
We process project names, domains, allowed domains, country settings, business context, contact information, plan assignment, usage limits, agent prompts, model/provider settings, widget customization, display settings, guardrail settings, Pro Agent settings, demo configuration, and other dashboard configuration.
If this information includes personal data, Customer is responsible for ensuring it is lawful to submit and process it.
3.3 Visitor Chat and Demo Data
When a visitor interacts with an embedded Chat4U widget or hosted demo, we may process conversation/session identifiers, visitor messages, assistant responses, timestamps, feedback, source references, browser metadata, page URL, referrer, language, and other metadata needed to provide and troubleshoot the chat experience.
Visitor chat data is usually Customer-controlled data. Customers decide whether to deploy the widget, what content powers the agent, what disclosures are provided, and how visitor requests are handled.
3.4 Data Sources, Scraped Content, and Files
When Customer adds data sources, we may process submitted URLs, sitemap URLs, page titles, page HTML or text extraction output, markdown, citations, structured data, file names, file contents, raw text, classification metadata, transformation metadata, chunks, embeddings, retrieval scores, source URLs, and related operational metadata.
Customer is responsible for having authority to submit, crawl, copy, store, transform, index, embed, and use such content. Chat4U may store scrape authority attestations and scrape audit records for legal evidence.
3.5 Pro Agent Data
Pro Agent features may process page snapshots, element text, tool parameters, tool results, navigation events, approval events, and related tool metadata. Browser-side safeguards redact common sensitive form fields, and certain selectors may be denied. These controls reduce risk but are not guarantees. Customers must not use Pro Agent for payment card handling, credential collection, regulated decisions, or sensitive workflows unless appropriate controls are in place.
3.6 Technical, Log, and Security Data
We may collect IP addresses, user agents, device/browser information, operating system, request metadata, API metadata, error logs, rate-limit events, queue events, security events, abuse indicators, diagnostic data, performance metrics, and timestamps.
3.7 Contact, Sales, and Support Data
If you contact us, submit a form, request support, participate in sales communications, or report an issue, we may process your contact details, message content, attachments, company information, and communication history.
3.8 Legal and Compliance Data
We may process legal-document acceptance records, privacy request records, identity/authority verification notes, takedown or abuse complaints, security incident records, billing records, and audit logs.
4. Cookies and Browser Storage
We use cookies and browser storage for authentication, session continuity, consent preferences, language, accessibility preferences, widget operation, chat continuity, security, and optional analytics or marketing technologies. The Chat4U widget may use visitor/session identifiers and browser storage to maintain conversations and Pro Agent tool continuity.
On the Chat4U marketing website, the chat widget loads only after functional chat consent is granted. Analytics and marketing technologies are used only according to consent requirements and configuration.
For details, see our Cookie Policy.
5. How We Use Personal Data
We process personal data to:
- provide, operate, maintain, secure, and troubleshoot the Service;
- create and manage accounts, workspaces, organizations, roles, and permissions;
- provide AI chat, RAG retrieval, content indexing, demos, and Pro Agent tool functionality;
- process scraping, file uploads, text ingestion, embeddings, reranking, and retrieval;
- enforce plan limits, credits, storage limits, rate limits, and subscription entitlements;
- provide support, respond to inquiries, and communicate service updates;
- monitor, detect, prevent, and investigate abuse, fraud, security events, and unauthorized scraping;
- record legal acceptance, attestations, privacy requests, complaints, and compliance evidence;
- comply with legal obligations and enforce our Terms, DPA, Acceptable Use Policy, and Regulated Use Addendum;
- improve the Service using aggregated, de-identified, or operational data.
We do not sell personal data. We do not use Customer content or visitor conversations to train general-purpose AI models for third parties. However, third-party AI providers may process data according to their terms, enterprise settings, customer-provided keys, and applicable data-control settings.
6. Legal Bases
Where GDPR, UK GDPR, or similar laws apply, our legal bases may include:
- Contract: to provide the Service, authenticate users, manage subscriptions, and deliver requested functionality;
- Legitimate interests: to secure the Service, prevent abuse, improve reliability, provide support, analyze aggregated usage, and enforce rights;
- Consent: for certain cookies, marketing communications, or other optional processing where required;
- Legal obligation: to maintain records, respond to lawful requests, handle tax/accounting requirements, and comply with applicable law;
- Processor instructions: where we process Customer Personal Data on behalf of Customer under the DPA.
Customers are responsible for determining and documenting their own legal bases for Customer-controlled visitor and datasource processing.
7. Disclosure and Sub-processors
We may disclose personal data to:
- cloud hosting, infrastructure, security, storage, logging, and CDN providers;
- authentication and organization-management providers;
- LLM, embedding, reranking, moderation, guardrail, and observability providers;
- email, support, sales, analytics, payment, and business operations providers;
- proxy providers where configured for scraping retries;
- professional advisers, auditors, insurers, and legal counsel;
- authorities, courts, or third parties where required by law or necessary to protect rights, safety, security, or legal interests;
- a successor or acquirer in connection with a merger, acquisition, financing, reorganization, or sale of assets.
A current Sub-processor List is published separately. Customers may have objection rights under the DPA.
8. International Transfers
We and our providers may process personal data in multiple countries. Where required, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, the UK Addendum, data processing agreements, provider transfer mechanisms, and supplementary measures appropriate to the processing.
Customers should review the DPA and Sub-processor List for Customer Personal Data transfer details.
9. Retention
We retain personal data for as long as needed for the purposes described in this Policy, including to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, support security, maintain audit evidence, and satisfy legitimate business needs.
Retention periods vary by data type:
- account and workspace data are generally retained while the account or workspace is active and for a reasonable period afterward;
- visitor chats, demos, documents, vectors, scraped content, and uploaded content follow Customer project/datasource deletion paths, subject to backups and logs;
- crawl artifacts, scrape jobs, ingestion jobs, scrape logs, usage logs, and operational tables may be subject to configured retention cleanup;
- legal acceptances, scrape audit logs, privacy request logs, billing records, security records, and abuse records may be retained longer as legal evidence;
- backups and security logs may persist for limited periods after deletion from production systems.
At launch, DSAR/export/delete handling is manual but audited. We will document actions taken and any legal or technical exceptions.
10. Security
We maintain administrative, technical, and organizational safeguards designed to protect personal data. These include access controls, authentication, authorization, encrypted transport, environment separation, logging, monitoring, backup and recovery practices, vendor management, incident-response procedures, and browser-side safeguards for selected Pro Agent data.
No system is perfectly secure. Customers are responsible for securing their own websites, systems, users, credentials, provider keys, widget deployment, prompts, and content.
11. Your Rights and Requests
Depending on your jurisdiction, you may have rights to access, correct, delete, export, restrict, or object to processing of your personal data, and rights concerning certain automated decisions or marketing communications.
If you are an account user, contact support@chat4u.ai. If you are a visitor who interacted with a Chat4U widget on a customer's website, you should usually contact that website owner first because the customer is typically controller of your visitor chat data. We will support customers in responding to visitor requests as required by the DPA.
We may need to verify identity and authority before acting on a request. We may decline or limit requests where permitted by law, including for security, fraud prevention, legal claims, business records, freedom of expression, or another legal exception.
12. Regional Notices
12.1 EEA, UK, Switzerland, Israel, Canada, Brazil, and Similar Laws
Residents of jurisdictions with comprehensive privacy laws may have the rights described above and may contact a supervisory authority if they believe their rights have been violated. We encourage you to contact us first so we can address concerns.
12.2 California and US State Privacy Laws
Where applicable, we provide notice of categories of personal information collected, purposes of use, categories of disclosures, and rights to access, delete, correct, and opt out of certain processing. We do not sell personal information. We do not knowingly share personal information for cross-context behavioral advertising unless separately disclosed and consented to where required.
12.3 Children
The Service is not directed to children. Customers must not use Chat4U for child-directed services or children's personal data unless they have all required notices, consents, parental or school authorization, deletion workflows, and compliance controls. If you believe a child provided personal data to Chat4U without appropriate authorization, contact us.
13. Regulated and Sensitive Data
Customers must not submit health, financial, payment, children's, legal, employment, housing, credit, education, biometric, government-ID, or other sensitive data unless they have the required lawful basis, consents, disclosures, security controls, and contractual arrangements. Chat4U does not provide a HIPAA BAA, PCI certification, COPPA parental-consent tooling, or regulated-advice compliance tooling unless separately agreed in writing.
14. Changes to This Policy
We may update this Privacy Policy to reflect changes in law, technology, providers, product behavior, or our practices. Material changes may be communicated through the website, dashboard, email, or required legal acceptance flow. The version and last-updated date indicate the current version.
15. Contact
Privacy and data-protection questions, requests, or complaints may be sent to:
Chat4U
support@chat4u.ai
chat4u.ai